meld-cp / obsidian-encrypt

Hide secrets in your Obsidian.md vault
MIT License
625 stars 36 forks source link

Enable single session authentication within Obsidian application #149

Closed geneorama closed 8 months ago

geneorama commented 10 months ago

This is very similar to #146, but takes it a step further.

I would imagine most vaults are personal vaults with a single user, and for most people they would want to expose all of the encrypted notes with a single password at the beginning of their session.

Not only would this be a convenience, it would be necessary to protect against accidental encryption with possible data loss. For example, if someone needs to change their password for their encrypted notes, they would need to change it in every instance of encrypted notes. If one note is missed, then that note would have a possibly forgotten password. This would be an especially insidious error if a vault were transferred to a new party, in the case of say an inheritance or when changing employment.

meld-cp commented 8 months ago

I agree, most would use the convenience of a single password throughout their vault.

In the next release, there'll be an option to remember session passwords at the vault level.

Which password is used per selected text or note would still be overridable by the user though. Using the remember by Vault setting will guide the user into using the same password but won't guarantee they do.

So the upcoming change helps but doesn't address the 'change all my passwords' problem... I'm not sure how to address that, perhaps a command line tool would work (like some issues have mentioned)

meld-cp commented 8 months ago

Vault session remembering will be released in v2.3.7